Increasing numbers of businesses are breaching staff data rules, with hefty fines for those who allow private information to be accessed easily, figures have shown.
The Information Commissioner's Office (ICO) issued 68 warning notices for data security lapses in the year to June 3 - up 48% from 46 the previous year, according to the study.
The ICO has also increased its use of fines, issuing 15 fines worth £1.8 million in the last 12 months, compared with just six fines worth £431,000 in the previous year.
Analysts with Syscap - an independent funder to the education sector - say that while the majority of fines have been against public bodies, the ICO is also increasingly taking action against private organisations that lose data.
With the ICO cracking down, small businesses in particular are at risk, as they often lack the appropriate safeguards to properly monitor and track their ICT equipment, researchers say, leaving them more open to fines when data is lost.
Syscap chief executive Philip White said: "Small businesses are increasingly falling foul of the ICO. It's clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously.
"Businesses need to make sure that the correct safeguards are in place in order to secure their data, or they could be at risk of hefty fines in the near future."
However the largest fines issued by the ICO in recent months relate to authorities. Earlier this month Torbay Care Trust was hit with a £175,000 penalty after sensitive personal information relating to nearly 1,400 staff was published on the Devon authority's website. The trust said it had subsequently made improvements to its security.
In June, Belfast Health and Social Care Trust was fined £225,000 for compromising the security of sensitive personal data, while Brighton and Sussex University Hospitals NHS Trust was fined £325,000 following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff on hard drives sold online.
The ICO recently launched a best practice guide on how small businesses could keep their data secure.